CVE-2023-1018

{"id": "CVE-2023-1018", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2023-02-28T18:15:10.290", "references": [{"url": "https://kb.cert.org/vuls/id/782720", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "https://trustedcomputinggroup.org/about/security/", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "https://kb.cert.org/vuls/id/782720", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://trustedcomputinggroup.org/about/security/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM."}], "lastModified": "2025-03-07T19:15:33.937", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC453113-CAE8-44B0-8306-7BB854B77EB4"}, {"criteria": "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.38:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F43ED59-0C7E-4BBB-8931-4033AEC36269"}, {"criteria": "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.59:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FC8BA48-73AA-483B-9276-A0605B15F22F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "3FE6559F-B4C0-4188-86CB-4DB6FBB85A5C", "versionEndExcluding": "10.0.10240.19805"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "93CEF0C6-6B6E-4157-A763-89F570FE0AB7", "versionEndExcluding": "10.0.14393.5786"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "3001E324-7A3C-4EEB-86DC-E79471F752BD", "versionEndExcluding": "10.0.17763.4131"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "579AE0F1-E226-4504-9BF8-05E7BAE682D7", "versionEndExcluding": "10.0.19042.2728"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "D41F5E5B-D344-41B1-A160-8118DDB623C3", "versionEndExcluding": "10.0.19044.2728"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "BA59AB71-F8C7-49B0-AD2F-F9C00D82C85A", "versionEndExcluding": "10.0.19045.2728"}, {"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "6D06089A-31F7-44C7-98CB-216ABAD280A4", "versionEndExcluding": "10.0.22000.1696"}, {"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "7BB45E5C-C74C-46B1-BE64-4EF90075A3CC", "versionEndExcluding": "10.0.22621.1413"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40EFB742-9414-4585-A71E-4316D488BFA7", "versionEndExcluding": "10.0.14393.5786"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D19233CA-3830-499D-A4C0-2C023C8AD700", "versionEndExcluding": "10.0.17763.4131"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA73D25B-EB4C-4493-9C79-4F4E181FF95B", "versionEndExcluding": "10.0.20348.1607"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}